==========================================================================
Ubuntu Security Notice USN-8242-2
May 07, 2026

postfixadmin vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

PostfixAdmin could be made to run malicious JavaScript in the user's
browser if it received specially crafted input.

Software Description:
- postfixadmin: Virtual mail hosting interface for Postfix

Details:

USN-8242-1 fixed a vulnerability in CiviCRM. This update provides the
corresponding fix for PostfixAdmin.

Original advisory details:

 Takuya Aramaki discovered that Smarty, vendored in CiviCRM, did not
 properly escape JavaScript code. An attacker could possibly use this
 issue to conduct a cross-site scripting attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  postfixadmin                    3.3.13-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8242-2
  https://ubuntu.com/security/notices/USN-8242-1
  CVE-2023-28447

Severity: Important
==========================================================================
Ubuntu Security Notice USN-6550-1
December 12, 2023

postfixadmin vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in PostfixAdmin.

Software Description:
- postfixadmin: Virtual mail hosting interface for Postfix

Details:

It was discovered that Smarty, which is integrated into the PostfixAdmin
code, was not properly sanitizing user input when generating templates.
An attacker could, through PHP injection, possibly use this issue to
execute arbitrary code. (CVE-2022-29221)

It was discovered that Moment.js, which is integrated into the
PostfixAdmin code, was using an inefficient parsing algorithm when
processing date strings in the RFC 2822 format. An attacker could
possibly use this issue to cause a denial of service. (CVE-2022-31129)

It was discovered that Smarty, which is integrated into the PostfixAdmin
code, was not properly escaping JavaScript code. An attacker could
possibly use this issue to conduct cross-site scripting attacks (XSS).
(CVE-2023-28447)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
  postfixadmin                    3.3.10-2ubuntu0.1~esm1

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
  postfixadmin                    3.2.1-3ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  postfixadmin                    3.0.2-2ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6550-1
  CVE-2022-29221, CVE-2022-31129, CVE-2023-28447
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2889-1
- -------------------------------------------------------------------------

An SQL injection vulnerability was discovered in postfixadmin, a web
administration interface for the Postfix Mail Transport Agent, which
allowed authenticated users to make arbitrary manipulations to the
database.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201209-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Postfixadmin: Multiple vulnerabilities
      Date: September 27, 2012
      Bugs: #400971
        ID: 201209-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Postfixadmin which may lead
to SQL injection or cross-site scripting attacks.

Background
==========

Postfixadmin is a web-based management tool for Postfix-style virtual
domains and users.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /   Vulnerable   /          Unaffected
    -------------------------------------------------------------------
  1  www-apps/postfixadmin         < 2.3.5                  >= 2.3.5

Description
===========

Multiple SQL injection vulnerabilities (CVE-2012-0811) and cross-site
scripting vulnerabilities (CVE-2012-0812) have been found in
Postfixadmin.

Impact
======

A remote attacker could exploit these vulnerabilities to execute
arbitrary SQL statements or arbitrary HTML and script code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Postfixadmin users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/postfixadmin-2.3.5"

References
==========

[ 1 ] CVE-2012-0811
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0811
[ 2 ] CVE-2012-0812
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0812

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/201209-18

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to